2cb1f8ad6e
apps/rebreak-binder-mac/ — neue macOS-App die User durch den kompletten Self-Bind-Prozess führt: Welcome → Preflight → Supervise → Enroll → Configure (MDM-Push + Pre/Post-Check) → Sideload Lock-Profile (AirDrop). 3-Layer Smart-Resume: supervised? + Enrollment-Profil installed (cfgutil Ground-Truth)? + MDM-Ack fresh (NanoMDM-DB via ssh+psql)? Services: DeviceDetector (ideviceinfo + cfgutil), SuperviseRunner (spawnt supervise-magic CLI), MDMClient (PUT /v1/enqueue?push=1, Apple XML-Plist, identisch zum server-watcher-Format), MDMStatus (DB-Real- Check + ManagedApplicationList-Result-Read). Plus: - fix(supervise-magic): EOF nach ProcessMessage Response (ErrorCode=0) ist Success, nicht Error — vermeidet false-fail bei iPhone-Restore- Reboot - feat(mdm-profiles): rebreak-content-filter-mdm.mobileconfig als MDM-Push-Variante (ohne ConsentText, ohne globales allowAppRemoval= false — per-app via managed-state) End-to-End validiert: App-Push via Ad-Hoc-Manifest (silent), Managed- State via ManagedApplicationList-Query, NEFilter-Mode nach App-Force- Quit, Lock-Profile non-removable nach Sideload. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
61 lines
2.2 KiB
Swift
61 lines
2.2 KiB
Swift
import Foundation
|
|
|
|
struct DeviceState: Equatable {
|
|
var udid: String
|
|
var productType: String
|
|
var productVersion: String
|
|
var deviceName: String
|
|
|
|
var isFmiOn: Bool? // nil = unknown / not yet checked
|
|
var isSdpOn: Bool?
|
|
var isSupervised: Bool?
|
|
var supervisorOrgName: String? // z.B. "ReBreak" wenn schon by uns gebunden
|
|
var isEnrolled: Bool?
|
|
var enrollmentStatus: EnrollmentStatus? // Real-Check via NanoMDM-DB
|
|
var installedProfileIDs: [String] = [] // cfgutil-list — Ground-Truth!
|
|
var installedAppBundleIDs: [String] = [] // cfgutil installedApps — für Pre-Check
|
|
var isManaged: Bool?
|
|
var isFilterActive: Bool?
|
|
|
|
/// Identifier des Enrollment-Profils — muss mit ops/mdm/enrollment-profile matchen.
|
|
static let enrollmentProfileID = "org.rebreak.mdm.enrollment"
|
|
/// Identifier des Lock-Sideload-Profils.
|
|
static let lockProfileID = "org.rebreak.protection.contentfilter.sideload"
|
|
|
|
var isOwnedByReBreak: Bool {
|
|
(isSupervised == true) && (supervisorOrgName?.localizedCaseInsensitiveCompare("ReBreak") == .orderedSame)
|
|
}
|
|
|
|
/// Ground-Truth: ist das Enrollment-Profil aktuell auf dem iPhone installiert?
|
|
/// (cfgutil-Liste statt NanoMDM-DB — DB hat Lag wenn User Profil manuell entfernt.)
|
|
var hasEnrollmentProfile: Bool {
|
|
installedProfileIDs.contains(Self.enrollmentProfileID)
|
|
}
|
|
|
|
var hasLockProfile: Bool {
|
|
installedProfileIDs.contains(Self.lockProfileID)
|
|
}
|
|
|
|
/// True nur wenn iPhone supervised durch uns IST, das Enrollment-Profil tatsächlich
|
|
/// installiert ist, UND MDM-Channel kürzlich aktiv war.
|
|
var isFullyBound: Bool {
|
|
isOwnedByReBreak && hasEnrollmentProfile && (enrollmentStatus?.isFresh == true)
|
|
}
|
|
|
|
var displayModel: String {
|
|
Self.modelMap[productType] ?? productType
|
|
}
|
|
|
|
private static let modelMap: [String: String] = [
|
|
"iPhone18,4": "iPhone Air",
|
|
"iPhone17,1": "iPhone 16 Pro",
|
|
"iPhone17,2": "iPhone 16 Pro Max",
|
|
"iPhone17,3": "iPhone 16",
|
|
"iPhone17,4": "iPhone 16 Plus",
|
|
"iPhone16,1": "iPhone 15 Pro",
|
|
"iPhone16,2": "iPhone 15 Pro Max",
|
|
"iPhone15,4": "iPhone 15",
|
|
"iPhone15,5": "iPhone 15 Plus",
|
|
]
|
|
}
|